Esempio n. 1
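        /// <summary>
        /// Renders the component's default view and tells it whether the current user
        /// may reach the given controller/action pair.
        /// </summary>
        /// <param name="controller">Controller name passed to the access check and echoed to the view.</param>
        /// <param name="action">Action name passed to the access check and echoed to the view.</param>
        /// <returns>The component's default view.</returns>
        /// <remarks>
        /// <c>ViewBag.HasAccess</c> only controls what the view renders. It does not stop a
        /// request that targets the action directly, so the same decision still has to be
        /// enforced on the request path.
        /// </remarks>
        public IViewComponentResult Invoke(string controller, string action)
        {
            var rawUserId = User.Identity.FindFirstValue(ClaimTypes.NameIdentifier);

            // Fail closed: a missing or non-numeric NameIdentifier claim (for example an
            // anonymous visitor) is treated as "no access" instead of throwing from
            // int.Parse in the middle of rendering.
            if (int.TryParse(rawUserId, out var userId))
            {
                ViewBag.HasAccess = _usersAccessRepository.HasAccess(userId, controller, action);
            }
            else
            {
                ViewBag.HasAccess = false;
            }

            ViewBag.Controller = controller;
            ViewBag.Action     = action;

            return View();
        }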
Esempio n. 2
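            /// <summary>
            /// Authorization gate that runs before every action: endpoints carrying
            /// <c>AllowAccessAttribute</c> pass through, anonymous callers are sent to the
            /// login page, and authenticated callers must pass the role/route access check.
            /// </summary>
            /// <param name="context">Context of the action about to execute; setting its
            /// <c>Result</c> short-circuits the pipeline so the action does not run.</param>
            /// <remarks>
            /// Every failure path (unparsable user id, no role row, access denied, any
            /// exception) ends with <c>context.Result</c> set, so the filter fails closed.
            /// NOTE(review): denials are reported as 400 Bad Request, as in the original;
            /// 403 would describe them better, but clients may depend on the current status.
            /// </remarks>
            public override void OnActionExecuting(ActionExecutingContext context)
            {
                try
                {
                    // Exact type match, so subclasses of AllowAccessAttribute do not opt out.
                    var isAllowAccess = context.ActionDescriptor.EndpointMetadata.Any(a => a.GetType() == typeof(AllowAccessAttribute));
                    if (isAllowAccess)
                    {
                        return;
                    }

                    if (!context.HttpContext.User.Identity.IsAuthenticated)
                    {
                        // Response.Redirect alone only writes the status and Location header:
                        // without context.Result the action would still execute for the
                        // anonymous caller. The redirect is also temporary (302) rather than
                        // permanent, so browsers do not cache "this URL is the login page"
                        // and keep bouncing the user after sign-in.
                        context.Result = new RedirectResult("/Account/Login");
                        return;
                    }

                    var route = context.ActionDescriptor.RouteValues;

                    var rawUserId = context.HttpContext.User.Identity.FindFirstValue(ClaimTypes.NameIdentifier);
                    if (!int.TryParse(rawUserId, out var userId))
                    {
                        // An authenticated principal without a numeric id cannot be mapped to a role.
                        context.Result = new BadRequestResult();
                        return;
                    }

                    // REVIEW (open design decision, translated from the original note:
                    // "final decision on whether speed or security matters more to us").
                    // The role is looked up in the database on every request. The alternative
                    // left by the author was to read it from the ClaimTypes.Role claim, which
                    // saves the query but presumably keeps using the role that was issued at
                    // sign-in until the user's claims are refreshed.
                    var userRole = _usersRoleRepository.TableNoTracking.FirstOrDefault(a => a.UserId == userId);
                    if (userRole == null)
                    {
                        // No role row: deny explicitly instead of relying on a
                        // NullReferenceException being swallowed by the catch below.
                        context.Result = new BadRequestResult();
                        return;
                    }

                    var role = userRole.RoleId;

                    if (!_usersAccessRepository.HasAccess(role, route))
                    {
                        context.Result = new BadRequestResult();
                    }
                }
                catch
                {
                    // Deliberate fail-closed: any unexpected error denies the request.
                    // NOTE(review): the exception is discarded unlogged, so repository
                    // outages and malformed claims are indistinguishable from denials.
                    context.Result = new BadRequestResult();
                }
            }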